ICT Security Officer

Description

Job Title: ICT Security Officer

Contract: 6 months Inside IR35

The Opportunity:

Job Purpose:

• Provide effective, efficient and high quality ICT security support for the Trust Infrastructure environment by ensuring technical security is built in as standard, continually applied and maintained. Support the Head of Infrastructure and Cyber Security with technical ICT security issues, cyber investigations, providing reports and Trust ICT security systems administration.

Key Duties:

• Take responsibility for the creation and maintenance of clear, accurate and up to date documentation and records relating, in a standard template, to all aspects of the digital environment from a ICT security perspective, including the CareCERT process, security risks, security topology designs and the Cyber Security Action Plan (CSAP)
• With guidance from the Head of Infrastructure and Cyber Security, maintain, manage and monitor the ICT security reporting and risk management of the Trust infrastructure
• Supporting the Head of Infrastructure and Cyber Security, innovate, maintain and manage the ICT security infrastructure of the Trust, ensuring that all risks and mitigations are documented and have accurate and up to date plans
• Establish and implement clearly defined processes and procedures to support the Head of Infrastructure and Cyber Security relating to ICT security of the organisation

General Duties:

Project and Resource Management

• Responsible for the planning, implementation, documentation and delivery on time and within budget of specific small projects across the range of security infrastructure services and devices, including, but not limited to, endpoint devices, Routers, Switches and security services
• Supervise staff and resources allocated to security projects to ensure that project objectives are met within allocated timescales

Support and Maintenance

• Analyse and resolve routine technical ICT security and cyber issues. Manage and maintain security solutions on a day-to-day basis within the Trust's infrastructure, including systems and Servers.

The areas covered include but are not limited to:

o Trust Infrastructure

o NHSMail and ATP

o ICT Security Infrastructure - Firewalls, EDR, NDR, SSO, PAM and ARM

o NHS Secure Boundary

o Microsoft ATP

o Office 365 Security

• Promote a security aware culture within the Trust.
• Provide advice and demonstrate use of security software and hardware to end-users
• Support the Head of Infrastructure and Cyber Security in defining, implementation and management of BCP and DR plans for the digital environment
• Attend security related meetings, deputising for the Head of Infrastructure and Cyber Security where required
• Participate in (and occasionally chair) ICT Security meetings and provide constructive input and feedback as required
• Provide security related advice, training and support to Trust staff, partners and 3rd party suppliers
• Design technical specifications and processes for ICT infrastructure highlighting any risks for the Trust, ensuring ICT security is built in from the start
• Provide detailed comparisons of functionality, features and price for security solutions
• Working with the Digital Contracts Manager, provide the administration of security solution support contracts and provide the Head of Infrastructure and Cyber Security recommendations based on findings
• Work with the Information Governance team in managing and maintaining the evidence required to achieve compliance for the Data Security Protection Toolkit (DSPT)
• Work with the Information Governance team to gather 3rd party security evidence required for Data Protection Information Assessments (DPIA)
• Manage and support the maintenance of evidence required for the Trust to achieve and maintain any security accreditations eg Cyber Essentials Plus and ISO
• Responsible for the determination of priorities in the resolution of problems and issues within own designated area of work
• Work with Trust System Administrators to ensure that ICT security risks and vulnerabilities are fully identified and reported to the Information Technology and Security Forum
• Regularly audit digital systems to ensure that the requisite security software are installed in accordance with licensing and contractual requirements
• Ensure that all ICT security risks are documented and any related actions are completed within deadlines set
• Where appropriate, and under the management of the Head of Infrastructure and Cyber Security, adopt a proactive role in the successful resolution of any escalated or complex IT security support calls - eg the failure or malfunctioning of the Single Sign On Solution
• Maintain a close working relationship with the all members of the Digtial Division to ensure that defined standards of working are maintained and a clear understanding of current ICT security challenges and issues
• Maintain a close working relationship with the Computacenter Information Security Manager, ensuring that reports, security incidents and requests are actioned in a timely manner and resolved to maintain the security of the Trust digital environment
• Under the guidance of the Head of Infrastructure and Cyber Security, provide comprehensive ICT security plans and roadmaps, including risk management, vulnerabilities and End of Live events
• Liaise with external third party support organisations in the diagnosis and resolution of cyber and ICT security issues relating to IT equipment and services
• Update the incident and request software with clear and accurate information and resolution details for any issues that have an incident or request ID requiring the input of this role
• Support the completion of root cause analysis for security incidents and provide information to the Problem Manager
• In the absence of the of the Head of Infrastructure and Cyber Security, receive and interpret urgent calls, prioritise accordingly and to escalate such calls to the Director of ICT
• Working with EWA and Computacenter, support the testing and deployment of service packs, patches and security fixes to Servers and Endpoint devices as directed by the Head of Infrastructure and Cyber Security
• Deputise for the Head of Infrastructure and Cyber Security in ICT Security meetings, where requested and provide supervisor support for other members of the Infrastructure and Cyber Security team in the absence of the Head of Infrastructure and Cyber Security
• Carry out other tasks as and when requested by the Digtial Senior Managers.
• Maintain an up-to-date knowledge of ICT security developments, hardware and software technologies. This may involve attending seminars, training events and reading relevant journals and technical documentation
• Maintain an up-to-date detailed knowledge of specific hardware (eg Servers, Firewalls, network switching, etc) and desktop applications (eg Office 365, Antivirus, etc) in use within the Trust.
• Maintain an up-to-date awareness of specific applications (eg MDM, Cisco Firewall, Remote Access Services, Fortinet, etc) in use within the Trust
• Maintain and understand up to date ICT security and infrastructure design awareness

Knowledge

Documentation & Standards

• Responsible for the development, production and ongoing maintenance of clear, accurate and up to date documentation and records relating to all aspects of the Trust's ICT security Infrastructure
• Responsible for the documentation of maintenance, management and reporting of ICT security risks
• Responsible for the documentation of management and maintenance of implementation of NHS Digital CareCERTS for the ICT infrastructure
• Respond to NHS Digital High Severity Alerts for national cyber incidents
• Join the NHS Cyber Associates Network to update, maintain and disseminate knowledge with NHS peers
• Assist with the design, production and maintenance of user documentation, training material and face to face user training to ensure the successful deployment of new systems and associated hardware and software from an ICT security perspective